[参考译文] LAUNCHXL-CC1352P：bdb.c 中的&quot；bdb_TCProcessJoiningList&quot；问题

https://e2e.ti.com/support/wireless-connectivity/zigbee-thread-group/zigbee-and-thread/f/zigbee-thread-forum/1483245/launchxl-cc1352p-the-issue-of-bdb_tcprocessjoininglist-in-bdb-c

工具与软件：

在函数"bdb_TCProcessJoiningList"中、当"tempJoiningDescNode"的"NodeJoiningDeviceFree"为"0"时、指针"tempJoiningDescNode"被"bdb_TCJoiningDeviceFree"释放、之后指针"tempJoiningDescNode" 指向自身的下一个项目。   释放指针"tempJoiningDescNode"后、 "tempJoiningDescNode"中的值不正确。

此功能可以像这样固定

void bdb_TCProcessJoiningList(void)
{
  bdb_joiningDeviceList_t* tempJoiningDescNode;

  if(bdb_joiningDeviceList)
  {
    tempJoiningDescNode = bdb_joiningDeviceList;

    while(tempJoiningDescNode)
    {
      if(tempJoiningDescNode->NodeJoinTimeout)
      {
        tempJoiningDescNode->NodeJoinTimeout--;
      }

      if(tempJoiningDescNode->NodeJoinTimeout == 0)
      {
        uint8_t isTCLKExchangeRequired = bdb_doTrustCenterRequireKeyExchange();
        //Check if the key exchange is required
        if(isTCLKExchangeRequired)
        {
            AddrMgrEntry_t entry;

            entry.user = ADDRMGR_USER_DEFAULT;
            OsalPort_memcpy(entry.extAddr,tempJoiningDescNode->bdbJoiningNodeEui64, Z_EXTADDR_LEN);

            if(AddrMgrEntryLookupExt(&entry))
            {
              ZDSecMgrAPSRemove(entry.nwkAddr,entry.extAddr,tempJoiningDescNode->parentAddr);
            }
        }

        // If we are here, a joining device has been expired due to timeout either because it is a
        // legacy device (does not perform key exchange), it is an Z3.0 device that did not perform
        // key exchange intentionally, or it is a Z3.0 device that has failed to perform key exchange.
        // Depending on our TC settings, below we decide if this joiner should be removed from the
        // security manager

        uint16_t keyNvIndex;
        uint16_t index;
        APSME_TCLinkKeyNVEntry_t TCLKDevEntry;
        uint8_t found;

        //search for the entry in the TCLK table
        keyNvIndex = APSME_SearchTCLinkKeyEntry(tempJoiningDescNode->bdbJoiningNodeEui64,&found, &TCLKDevEntry);

        uint16_t nwkAddr;
        //Look up nwkAddr before it is cleared by ZDSecMgrAddrClear
        AddrMgrNwkAddrLookup(tempJoiningDescNode->bdbJoiningNodeEui64, &nwkAddr);

        // If TC is mandating key exchange, remove devices that have not successfully performed key exchange.
        // Keep entries for ZG_PROVISIONAL_KEY so install code derived key is maintained, so joiner can reattempt join
        // If we got here and have a ZG_VERIFIED_KEY (unexpected), do not remove this entry either
        if( (isTCLKExchangeRequired == true) &&
            (TCLKDevEntry.keyAttributes != ZG_PROVISIONAL_KEY) &&
            (TCLKDevEntry.keyAttributes != ZG_VERIFIED_KEY)
          )
        {
          //Remove the entry in address manager
          ZDSecMgrAddrClear(tempJoiningDescNode->bdbJoiningNodeEui64);

          //If found, erase it.
          if(found == TRUE)
          {
            memset(&TCLKDevEntry,0,sizeof(APSME_TCLinkKeyNVEntry_t));
            TCLKDevEntry.keyAttributes = ZG_DEFAULT_KEY;

            //Increase the shift by one. Validate the maximum shift of the seed which is 15
            index = keyNvIndex;

            TCLinkKeyRAMEntry[index].rxFrmCntr = 0;
            TCLinkKeyRAMEntry[index].txFrmCntr = 0;
            TCLinkKeyRAMEntry[index].entryUsed = FALSE;

            //Update the entry
            osal_nv_write_ex( ZCD_NV_EX_TCLK_TABLE, keyNvIndex,
                              sizeof(APSME_TCLinkKeyNVEntry_t),
                              &TCLKDevEntry );
          }
        }

        if(pfnTCLinkKeyExchangeProcessCB)
        {
          bdb_TCLinkKeyExchProcess_t bdb_TCLinkKeyExchProcess;
          OsalPort_memcpy(bdb_TCLinkKeyExchProcess.extAddr,tempJoiningDescNode->bdbJoiningNodeEui64, Z_EXTADDR_LEN);
          bdb_TCLinkKeyExchProcess.nwkAddr = nwkAddr;
          bdb_TCLinkKeyExchProcess.status = BDB_TC_LK_EXCH_PROCESS_EXCH_FAIL;

          bdb_SendMsg(bdb_TaskID, BDB_TC_LINK_KEY_EXCHANGE_PROCESS, BDB_MSG_EVENT_SUCCESS,sizeof(bdb_TCLinkKeyExchProcess_t),(uint8_t*)&bdb_TCLinkKeyExchProcess);
        }
        //Free the device from the list
        //The next pointer needs to be obtained before the previous pointer is released, fixed by Luoyiming at 2025-03-06
        bdb_joiningDeviceList_t* joiningDeviceToRemove = tempJoiningDescNode;
        tempJoiningDescNode = tempJoiningDescNode->nextDev;
        bdb_TCJoiningDeviceFree(joiningDeviceToRemove);
      }
      else
      {
        //The next pointer can only be obtained when the previous pointer has not been released, fixed by Luoyiming at 2025-03-06
        tempJoiningDescNode = tempJoiningDescNode->nextDev;
      }
    }
  }

  //we are done with the list
  if(bdb_joiningDeviceList == NULL)
  {
    OsalPortTimers_stopTimer(bdb_TaskID,BDB_TC_JOIN_TIMEOUT);
  }
}